On Tuesday, Cybersecurity firm Malwarebytes conceded that it was targeted by the same hackers responsible for the SolarWinds attack, in which suspected Russian nation-state hackers compromised the systems of the IT management company in a sophisticated supply chain attack. Although Malwarebytes has not used any SolarWinds products, an internal investigation revealed that the threat actor was able to gain access to some systems, including emails, through abusing applications with access to Microsoft 365 and Azure.
The extent of the attack was minimal and there is no evidence of unauthorized access to any internal on-premises environments, according to the CEO of Malwarebytes Marcin Kleczynski. The hackers only obtained access to a limited set of internal company emails. The breach was identified after Microsoft notified customers about suspicious activity conducted by the SolarWinds threat actors.
Read More: Malwarebytes Targeted by SolarWinds Hackers